[SC-Help] SpamCop doesn't parse routing info correctly
Tristan Miller
psychonaut at nothingisreal.com
Fri Apr 14 04:00:01 EDT 2006
I'm running into an odd problem where SpamCop fails to correctly identify
the source of an e-mail.

Here's the situation: the spammer in question is a crazy guy who has been
mass mailing his incoherent rants to everyone in his address book for
years. He always uses a Yahoo! Mail account, which he logs into at some
public access library terminal at the University of Arizona. (He has
admitted as much.) When I forward to SpamCop an offending e-mail that I
received at my personal account (psychonaut at nothingisreal.com), SpamCop
correctly identifies the source as an IP at the University of Arizona. My
employer (spgb at worldsocialism.org) is also on the spammer's mailing list.
However, when *they* (or I) send their copy of the very same e-mail to
SpamCop, it fails to identify the source as the University of Arizona.
This is very strange, since both copies of the e-mail contain the same
Received header giving a U of A IP (128.196.165.21 =
PUB-E3.AHSL.Arizona.EDU):

Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP;
    Wed, 12 Apr 2006 16:07:39 PDT

Both our domains, nothingisreal.com and worldsocialism.org, are hosted by
DreamHost. The only major difference in our setup is that I use fetchmail
to download my mail via POP3 from mail.nothingisreal.com and deliver it to
a local mail server, whereas my employer checks mail via IMAP on
mail.worldsocialism.org.

I reproduce here the headers of the e-mail in question in case anyone wants
to check with SpamCop themselves. (SpamCop seems to allow submission of
headers without a body for parsing purposes.)

Here is the version I received which SpamCop correctly parses. Tracking
URL:
<http://www.spamcop.net/sc?id=z919791081z249ddd61c3743f1bde510714fd343b2az>

Return-Path: <moreevilbaddeals at yahoo.com>
X-Original-To: psy at localhost
Delivered-To: psy at localhost.worldsocialism.org
Received: from localhost (localhost [127.0.0.1])
    by polecat.worldsocialism.org (Postfix) with ESMTP id 04EA6903D9
    for <psy at localhost>; Thu, 13 Apr 2006 00:15:50 +0100 (BST)
X-Original-To: psychonaut at nothingisreal.com
Delivered-To: frettchen at randymail-mx2.dreamhost.com
Received: from mail.nothingisreal.com [208.97.132.24]
    by localhost with POP3 (fetchmail-6.2.5)
    for psy at localhost (single-drop); Thu, 13 Apr 2006 00:15:50 +0100 (BST)
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com
    [66.163.179.169])
    by randymail-mx2.dreamhost.com (Postfix) with SMTP id B492913B3E0
    for <psychonaut at nothingisreal.com>; Wed, 12 Apr 2006 16:07:40 -0700 (PDT)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5VA/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw= ;
Message-ID: <20060412230739.4650.qmail at web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP;
    Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals at yahoo.com>
Subject: Fwd: Re: JB: Emails Violated and Erased by Unknown; Cannot
    Respond Immediately...EXPEL ME

Here is the version my employer received which SpamCop doesn't correctly
parse. Tracking URL:
<http://www.spamcop.net/sc?id=z919793041z85093855a4505837202f64fc298ebaa6z>

Return-Path: <moreevilbaddeals at yahoo.com>
X-Original-To: spgb at worldsocialism.org
Delivered-To: spgb at randymail-mx1.dreamhost.com
Received: from enforcer.dreamhost.com (enforcer.dreamhost.com
    [66.33.220.4])
    by randymail-mx1.dreamhost.com (Postfix) with ESMTP id D18C434339
    for <spgb at worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
    by enforcer.dreamhost.com (Postfix) with ESMTP id AE0C017D010
    for <spgb at worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from enforcer.dreamhost.com ([127.0.0.1])
    by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 04356-06 for <spgb at worldsocialism.org>;
    Wed, 12 Apr 2006 16:07:46 -0700 (PDT)
Received: from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90])
    by enforcer.dreamhost.com (Postfix) with ESMTP id ED6DF17D025
    for <spgb at worldsocialism.org>; Wed, 12 Apr 2006 16:07:45 -0700 (PDT)
Received: from c2bthimr02.btconnect.com ([194.73.73.202]) by
    hesl01uker.he.local with Microsoft SMTPSVC(6.0.3790.211);
    Thu, 13 Apr 2006 00:07:42 +0100
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com
    [66.163.179.169])
    by c2bthimr02.btconnect.com (MOS 3.5.9-GR)
    with SMTP id FRP26850;
    Thu, 13 Apr 2006 00:06:54 +0100 (BST)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=s1024; d=yahoo.com;
    h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
    b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5VA/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw= ;
Message-ID: <20060412230739.4650.qmail at web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP;
    Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals at yahoo.com>
Subject: Fwd: Re: JB: Emails Violated and Erased by Unknown; Cannot
    Respond Immediately...EXPEL ME

--
_
_V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
/ |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
(7_\\ http://www.nothingisreal.com/ >< To finish what you
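
Added example, not part of the original post and not SpamCop's own code: a simplified trust-chain walk over the Received headers of the two copies quoted above. It goes beyond the post by assuming a parser believes a Received line only when it trusts the "by" host that wrote it; the trusted-suffix sets and the name credible_source are assumptions made for illustration.

```python
import re

# Received headers of the two copies quoted in the post, unfolded to one line
# each, newest first; the "id", "for" and date clauses are trimmed.
COPY_PERSONAL = [
    "from localhost (localhost [127.0.0.1]) by polecat.worldsocialism.org (Postfix) with ESMTP",
    "from mail.nothingisreal.com [208.97.132.24] by localhost with POP3 (fetchmail-6.2.5)",
    "from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169]) by randymail-mx2.dreamhost.com (Postfix) with SMTP",
    "(qmail 4652 invoked by uid 60001)",
    "from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP",
]
COPY_EMPLOYER = [
    "from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4]) by randymail-mx1.dreamhost.com (Postfix) with ESMTP",
    "from localhost (localhost [127.0.0.1]) by enforcer.dreamhost.com (Postfix) with ESMTP",
    "from enforcer.dreamhost.com ([127.0.0.1]) by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)",
    "from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90]) by enforcer.dreamhost.com (Postfix) with ESMTP",
    "from c2bthimr02.btconnect.com ([194.73.73.202]) by hesl01uker.he.local with Microsoft SMTPSVC(6.0.3790.211)",
    "from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169]) by c2bthimr02.btconnect.com (MOS 3.5.9-GR)",
    "(qmail 4652 invoked by uid 60001)",
    "from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP",
]
# Assumed trust sets: the recipient's own hosts plus the webmail provider,
# then the same set with the intermediate forwarding hosts added.
MAILHOSTS = {"localhost", "worldsocialism.org", "dreamhost.com", "yahoo.com"}
WITH_FORWARDER = MAILHOSTS | {"btconnect.com", "he.local"}

HOP = re.compile(r"from\s+(.*?)\s+by\s+(\S+)")
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def credible_source(received, trusted):
    """Return (last IP recorded by a trusted host, host where trust ended or None)."""
    source = None
    for line in received:
        m = HOP.match(line)
        if not m:  # the qmail "invoked by uid" line records no network hop
            continue
        from_part, by_host = m.groups()
        if not any(by_host == s or by_host.endswith("." + s) for s in trusted):
            return source, by_host  # written by an untrusted host: stop here
        ip = IP.search(from_part)
        if ip and not ip.group(1).startswith("127."):
            source = ip.group(1)  # loopback hops never become the source
    return source, None

if __name__ == "__main__":
    print(credible_source(COPY_PERSONAL, MAILHOSTS))
    print(credible_source(COPY_EMPLOYER, MAILHOSTS))
    print(credible_source(COPY_EMPLOYER, WITH_FORWARDER))
```

Under these assumptions the employer's copy stops at the btconnect relay (213.123.26.90) because the next line down was written by hesl01uker.he.local; once the forwarding hosts are trusted, the walk reaches 128.196.165.21 as it does for the personal copy.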